
APPENDIX 5 - UPDATED.xlsx


Contents

1. What Quality Assurance processes are used during development of the software? Is there a scaling model that can be applied? Please provide benchmark statistics per CPU or unit license, including page throughput (pages per second). Describe how the application can support multiple test, staging and production environments. Please list any key function points and processes supporting this approach. Describe how a code release can be rolled back. Describe the features available within the platform to support the deployment of code updates across the environments, in particular deployment to the production environment. Which testing approaches/tools are supported? page 26 of 35 Requirement Statement of Priority Compliance Technical Requirement Development Mandays Supplier Comments
2. Able to receive content & pump data to the OBU. This should be done in both wired manner or wirelessly (Mandatory). Monitor must support playback media and audio output (Mandatory). Driver information, Map of trip, Rate your taxi, Taxi information, Selection menu, Video, Promotion (Mandatory). Allow programming of content where user can navigate the content being displayed on the monitor (Mandatory). Able to support the following modes of content distribution: a) Able to push & receive content remotely, e.g. wireless connection, cellular network (Mandatory); b) Media stored on local storage (either OBU or Rear Seat Monitor) and incremental updates sent over the air. 5 Change Management. 5.1 End User Training: Taxi drivers Taxi Command & Control Centre SPAD Information Technology SPAD Road Based Licencing SPAD Complaints Management SPAD Mandatory Enforcement SPAD Taxi Network Operators. 5.1.2 End user training shall be conducted in a classroom set up with adequate hands-on training to the participants (Mandatory). 5.2 IT Administration Training (Mandatory). Supplier to conduct IT Administration Training to the identified personnel who will man the IT Operations of the Taxi Command & Control Centre and Centralised Taxi Booking & Dispatch system (Mandatory). 4 IT administration training shall be con
3. 3 7 5 Able to track and manage network operator s bookings for TEKSIM_ Mandatory OP 3 7 6 The CRM system shall be a web based system Mandatory PO 3 7 7 _ The CRM system must support a combination of Web interface the same functionalities Mandatory JO 3 7 8 _ The CRM system shall have sort able and filter able columns on all views Mandatory PO 3 7 9 The CRM system shall provide users the capability to personalize all views based on the users preference Mandatory OP 3 7 10 __ The CRM system shall have printing functions available on both soft and hard copy Mandatory OP E page 10 of 35 Requirement Statement of ID Technical Requirement Priority Compliance Development Mandays 3 7 10 The CRM system shall support multi channels customer interactions over phone email counter letter fax and sms 3 7 12 The CRM system must be designed to support future expansion of customer interactions such as web channel The CRM system must provide a navigation pane for easy maneuvering of features and capabilities The navigation pane can be collapsed or hidden for full view of the 3 7 13 Stas Mandatory CRM information or data and can be call out easily for futher navigation The CRM system must present information in view forms Each view form presents data in overview format rows and columns and a preview pane for the CRM record Mandat curently selected or highlighted is presented for quick review of the specific CRM r
4. It chauld ha na ihla ta 4 1 3 4 Able to accept or decline jobs 4 1 3 5 Able to provide confirmation to the driver once the driver has successfully accepted the job OW OTY O ODS d Epted Ww U allg W ude DU O ed CO 4 1 1 34 JOBU must have 24 month warrant Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Highly desirable Highly desirable Mandatory ee ey ce eae ee oh ay ee pe Mandatory Mandatory Mandatory ADIE CO a Distance travelled b Amount charged c Time taken 4 1 3 6 d Customer name s e Payment method cash credit card debit card Touch N Go f Number of passengers g Additional remarks about each trip h Receipt number for each trip 4 1 3 7 Able to remind drivers on advance jobs that was accepted pre booking Optional O SSS SS 4 1 3 8 Able to support 2 way text messaging with the call centre only pre defined text messages Optional O Of page 13 of 35 Requirement Statement of ID Technical Requirement Development Mandays Priority Compliance Able to inform driver and emit audible alarm when he is driving above the speed limit Mandatory sSY Tr 3 1 StF labe to receive broadcasted messages from Taxi Command amp Control Centre Mandatory Able to display the following information about projected K a Number of estimated taxi passengers arriving at KLIA amp KLIA2 in the next 3 hours with breakdown of passenger count for each hour
5. Mandatory Able to translate passenger ratings into a Merit points if the passenger provides good ratings of the driver b Demerit points if the passenger provides poor ratings of the driver Mandatory The merit and demerit points scale and criteria must be configurable These points will then be fed into DIS either via batch interface or online interface If an online F ie N page 6 of 35 Requirement Statement of Priority Compliance Content Management Mandatory oP 2 7 1 Manages content creation storage updates and distribution to the Rear Seat Taxi Monitor and OBU Mandatory oP Must allow playback media display information amp allow interactive communication Mandatory Content management should support the folllowing modes of content distribution a Able to push content remotely e g wireless connection cellular network Mandatory b Media stored on local storage either OBU or Rear Seat Monitor and incremental updates sent over the air Upload methodology a Programming is transmitted autmatically to the vehicle via the internet by using wireless network b Optional method Direct to the point DTTP Update schedules by weekly basis Driver information Video playing amp interactive area Settings Brightness volume Taxi information Rate your taxi Footer Branding copyright Selection menu Videos Promotion Events Movie ID Technical Requirement Development Manda
6. Mandatory Mandatory Mandatory Highly desirable OBU supports data compression before transmission for smaller data volumes Mandatory 1 Able to automatically guide driver to pickup point and then to destination via real time GPS navigation with an on screen map and audio directions This includes turn by turn amp an electronic voice to inform the driver whether to turn left or right the street name and how much distance to the turn 1 OBU has built in connectivity to GSM 3G Edge LTE and or WiMAX networks and WiFi The supplier must specify if an additional antenna needs to be installed on the taxis and the specification of the antennas Mandatory Mandatory OBU has built in global positioning system GPS capability The supplier must specify which GPS technology is used e g Standalone GPS Assisted GPS Mandatory OBU supports Wireless LAN connectivity Highly desirable OBU supports VGA output with 800 X 600 resolution and above Mandatory Ub tor tuture expansion INe supptier must specity whic Mini A Mini B This is to enable to OBU to be connected to the following in taxi vehicle equipment a Rear seat taxi monitor LCD touch screen b LED taxi status panel Mandatory c 1 smartphone table screen to be used as display for the OBU d Panic button BU supports a CAN bus 2 0B port b 5 x External RS232 Serial Ports c 1x SD Card Slot Highly desirable d 1 x Ignition Input e 2 x Digi
7. b Number of airport limo in queue at KLIA and KLIA2 c Number of budget taxis in queue at KLIA and KLIA2 d Number of TEKS1M in queue at KLIA and KLIA2 Supplier Comments OBU able to store data if in offline mode and retransmit back the data once there is connectivity Able to install and set up panic button so that it is not visible to the taxi passenger and accessible to taxi driver This is to promote safety for taxi drivers Able to immediately alert both the Taxi Command amp Control Centre with the following information a Vehicle details of the taxi in distress b Aa of S driver on uer b Vacant Available Mandatory c Reserved On call d Off duty Q axi status LED display must display the statuses in distinct colours However the colour assignment must be configurable a Vacant Green b On call Reserved Orange c Hired Red Maridatory d Oft duty Yellow Amber L ONN Red ashing E OUOW a Brightness gt 5 000 cd sqm outdoor b Viewing Angle H 110 V 50 c Optimal Viewing Distance 1 50 metres d Working Temperature 20 C 60 C f Working Humidity 30 100 RH g Diameter of LED 3 75 mm h Pixel Pitch 6 mm i Working Voltage DC 5V 10 V j Power Consumption 8W 14W 4 5 3 k Control Mode RS232 USB and wireless Mandatory l Multi language Support English Bahasa Malaysia m Self contained clock and spare battery not paused once powered
8. h Date the report was generated 2 1 2 4 Mandatory page 2 of 35 Requirement Statement of Technical Requirement Development Mandays Supplier Comments Priority Compliance UDeTa Olid REDO H U O O Diad a aly DY ax ODETI ALO a e dX ELWOrK ODET atO Usage To track and monitor the complaints and flag out the top 3 taxi operators that garner the most complaints Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Nature of complaint e g delays poor manners of the taxi driver c Taxi registration number d Number of complaints daily monthly quarterly yearly e Dates and times when the complaints were lodged in YYYYMMDD hh mi ss format f Location of the incident that triggered the complaint Usage To track and monitor the offences and flag out the top 3 taxi operators taxi network operators that accumulated the most offences violations Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Type of offences committed e g non usage of taxi meter bringing taxi passengers on an unnecessarily long route c Taxi registration number d Number of offences violations committed daily monthly quarterly yearly e Dates and times when the offences were committed in YYYYMMDD hh mi ss format f Location of the offence 2 1 2 5 Mandatory U aly DY operato Orive U purpose 2
9. 1 2 6 Mandatory Opetatro Port tan S aRtowil Allatysis Dy tax Operators alld taxT TECWOrK UpeT ators Usage To track and monitor the taxi breakdowns based on taxi operators and taxi network operators and flag out the top 3 taxi operators taxi network operators that has the most breakdowns Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator 2 1 2 7 b Date and time when the breakdown s occurred Mandatory c Date and time when the breakdown s ended i e problem was fixed and the taxi was operational again d Duration of the breakdown e Location of the breakdown f Taxi registration number Operational Report Supply and demand analysis for different areas areas can also be defined as zones sectors etc if necessary Usage To analyse and monitor the taxi supply and demand patterns on an hourly basis based on areas zones sectors Note the granularity of the observation window must be adjustable if SPAD needs to observe using smaller observation windows e g a snapshot once every 30 minutes Fields includes the following but not limited to these a Area Zone Sector name b Are Zone Sector ID c Observation window start datetime d Observation window end datetime e f s h 2 1 2 8 Mandatory Number of taxis actively working plying the route within the area Number of passengers that have placed taxi booking within the area Number of passe
10. 14.3.1 Ensure the Systems and Applications used to service SPAD are safe, secure and managed to provide optimal service. 14.3.2 Systems hosting services for SPAD should be configured to perform safely, securely and provide availability to the defined SLAs (Mandatory). 14.3.3 Place logical and physical separation on systems used for delivering the services of SPAD from others. If a shared hosting model is used, protect the SPAD related services to ensure separation of the data and access (Mandatory). 14.3.4 Disable unnecessary and insecure services and protocols (Mandatory). 14.3.5 Configure the systems to prevent misuse (Mandatory). 14.3.6 Encrypt all non-console administrative access using industry standards, e.g. SSH, VPN, SSL/TLS and/or 14.3.7 Ensure logging and audit trails are enabled to identify access to SPAD related systems and service platforms (Mandatory). Enable processes to provide timely forensic investigation in the event of compromise of any hosted system relating to SPAD (Mandatory). Protect SPAD Confidential Data (Mandatory). Keep SPAD Confidential data secure, develop a data retention and disposal policy and limit the storage and retention to a limit that is required for business/legal purpose (Mandatory). 14.4.3 Do not store authenticati
11. Document Mandatory oP 1 1 2 3 Detailed Low Level Design Document Mandatory OOO O O Of 1 1 3 Conduct walkthrough of design high level design and low level design Mandatory OOO O Of Application development customisation This includes coding effort required to address all requirements gathered throughout the project Deliverables must include but not limited to the following 1 1 4 1 System Development Document establishes the hardware and network development approach including methodologies tools and procedures to be employed Mandatory 1 1 4 2 Integration Document describes the assembly and interaction of the hardware network and any other components of the system Mandatory Mandatory 1 1 4 3 Test Analysis Report s presents a description of the unit tests and the results mapped to the system requirements also identifies system capabilities and deficiencies Mandatory Release Notes provides summary information regarding the current release of the system being built typically includes major new features and changes and identifies known problems and workarounds Source codes 1 4 5 Ja Main source codes COTS in escrow account Mandatory b Changes customisations Delivered to SPAD Application development configuration This includes all configuration required to address all requirements gathered throughout the project Deliverables must include but not limited to the following M
12. Mandat b Once every 500 metres travelled whichever comes first ancarory Note These parameters should not be hard coded but should be flexible enough to be modified by SPAD in future via a configuration console Able to view and track taxi vehicle speed in real time The observation frequency suggested are a Once every 5 minutes and or Mandatory Development Mandays b Once every 500 metres travelled whichever comes first PO fe Note These parameters should not be hard coded but should be flexible enough to be modified by SPAD in future via a configuration console 2 2 4 Able to view information about the driver and passenger on the taxi vehicle that is being tracked Mandatory Able to display information about taxis on a real time map which includes but not limited to a Estimated Arrival Time b Estimated Distance c Estimated Fare d Notification for delay e Driver Contact Information f Taxi Registration No and other details such as make model color oe Mandatory g Rating capability These information can be displayed on the Taxi Command amp Control Centre so that the personnel manning the Command amp Control Centre can view on a map the following details a Taxi status e g hired available reserved thse should be colour coded b Taxi passengers including their waiting time if the waiting time exceeds a certain threshold then the colour indicator changes from green to amber to red of zone
13. and monitor system performance on daily, weekly, monthly and yearly basis. 15.9.15 Able to design screen accessible to group of Users based on the common role defined, but only able to perform transaction or draw information specific to the User id. 16 System security. 16.1 Security Architecture. 16.1.1 Security infrastructure architecture diagram provided. Mandatory Mandatory Mandatory Optional Optional. 16.1.2 Network properly segmented: public access network service and back end (Mandatory). 16.1.3 Passengers and drivers originated traffic separated from O&M traffic (Mandatory). 16.2 Physical Security of System facility management. 16.2.1 Single points of failure have risk mitigation plans (Mandatory). 16.2.2 Physical intrusion into system internals sets off alarms/logs (Mandatory). 16.2.3 Device is secured in managed network environment with strict physical access controls (Mandatory). 16.2.4 Network and Physical Segregated from end user computing equipment (Mandatory). 16.2.5 System has adequate power/electricity supply (Mandatory). 16.2.6 System has adequate temperature controls in place, e.g. air conditioning (Mandatory). 16.3 Network Security for O&M. 16.3.1 Static route or
14. are changed regularly (Mandatory). 14.8.6 Regularly cleanup IDs of terminated users and disable access of inactive users (Mandatory). 14.8.7 Restrict access to systems by vendors for the period of activity only and based on documented change management request (Mandatory). 14.8.8 Ensure that passwords meet the best practices for complexity, size, validity and non-predictability (Mandatory). Password failures after an acceptable number of times should lock out the account to prevent any further attempts. 14.9 Track and Monitor all access network resources and PH (Mandatory). Logging mechanisms and the ability to track user activities are critical in preventing, detecting or minimizing the impact of data compromise. The existence of these logs allows the investigation of incidents and identifying improvements to networks (Mandatory). Ensure all network access to system components is tied to individual accounts which are not shared (Mandatory). Implement automated audit trails for all system components to identify: individual access, action taken with elevated privileges, use of identification and authentication tokens, invalid logical access attempts, changes in audit logs, creation and deletion of system level objects. For applications defined by SPAD as critical systems, logs on user viewing activities must also be captured where applicable (Mandatory). Record at least the following information in the audit trail entries
15. common ID (Mandatory). 15.6.10 Must protect critical file/programs from unauthorized access (Mandatory). 15.7 Mandatory for all critical applications & systems. Highly desirable. 15.7.2 Must force users to change assigned first time passwords on the first login (Mandatory). Must be random and comply with rules for complexity, size and content, i.e. > 7 characters in length, contain mixed case, special characters and numerals, and should not be a dictionary word or proper name. See SPAD password guidelines (Mandatory). 15.7.4 Must not display its system identifiers (e.g. O/S type, last login date, etc.) until the user has logged in successfully (Mandatory). 15.7.5 Must not have hard coded passwords anywhere in the application system modules, scripts or batch files which can be read as plain text (Mandatory). 15.7.6 Must not transmit user ids & passwords in plain text over the network between the user and the application server system (Mandatory). 15.7.7 Must have logs/audit trails of all system configuration changes or modifications to user accounts access or profile settings (Mandatory). 15.7.8 Must have sufficient audit log details to trace all critical activities to the individuals who initiate the change, e.g. date, time, user, machine & IP that c
16. entry exit mileage driven within the zone Geo fences are monitored on a vehicle by vehicle basis Information about entry and exit from a geo fence boundary is stored as separate events that either get stored on the OBU or gets sent up the Taxi Command amp Control Centre when data is communicated Furthermore user defines rules for vehicle fleet single or several vehicles and particular geofenced area or several locations at a time a Geofence direction when vehicle enters the area and when it leaves the are only when enters only when leaves the area b Event severity none information only alert c Event access level limited public i ert in vehicle ves no 2 2 6 Mandatory Mandatory Fleet Management System must include the following sub modules a Driver Management display data on driver personal information driving licence and driving training Data can be pulled from external sources e g DIS b Vehicle Management display data on vehicle registration information and vehicle licence Data can be pulled from external sources e g SIKAP c Schedule Management Manage allocation of drivers to vehicle and driver working schedule e g to prompt drivers to move to a different area where the passengers are underserved d Route Management 2 2 8 e Telemetry Management Notification Management Mandatory f Performance Management g Cost Management h Fare Management i Fuel Management j Maintenance Management
17. hardware selected and application Vendor to ensure that it is the latest 7 2 version Mandatory Note At present SPAD uses MS undoes based servers To supply install configure and maintain application servers storage and network related equipment for RDBMS 7 3 Mandat Tenderer must propose a fail safe high availability optimized database environment with the ability to upgrade vertically and horizontally See At present SPAD uses MS SQL Server as its database hence the preferred DB platform is MS SQL However if the system proposed does not support the preferred DB platform the tenderer is to iustifv and nravide alternative DR nlatform Development framework for application server Java or NET Framework However tenderer can propose any better development framework but must use industry standard protocol and technology VEtWOTRTI TE anaaTa 7 4 1 Supports industry standards including TCP IP HTTPS 2 Able to ensure IP address used in the applications must not be hard coded 3 Able to provide all the TCP ports used by the applications and its subsystem 4 Able to utilize Network design techniques to appropriately prevent broadcast congestion and outages 7 5 i arnt Mandatory 5 Able to provide the Network bandwidth and or volume assumptions and projections 6 Able to provide expected Network performance and quality of service based on designs and plans 7 Mandatory Contains safeguards to prevent malicious attack
18. network related equipment for IT Monitoring tool. The monitoring solution must be Enterprise version and has 2 modules (Mandatory): 1) hardware monitoring, to monitor servers resources such as CPU, memory, network ports, windows services, etc.; 2) software monitoring, to monitor web application, web services, database, etc. For hardware monitoring: The proposed solution shall be able to monitor availability and response time of application servers. The proposed solution shall be able to recognize data patterns in Windows event log to correlate raw networks events, filters events and display event notifications that are useful to administrator. The proposed solution shall be able to provide root cause analysis from the information gathered. The proposed solution shall be able to generate out-of-box reports such as business application performance in, but not limited to, CSV, HTML or PDF formats. The proposed solution shall be able to provide Mean Time To Repair (MTTR) and Mean Time Between Failures (MTBF) for each application and services. The proposed solution must be able to record a sequence of HTTP requests and configure it to be checked at regular intervals of time. The proposed solutions shall be able to seamlessly integrate all components to provide visual health views (Mandatory). URL Monitoring URL Visitor total number Record & Playback HT
19. o To o o a Aging accounts b Aging status c Collection status of accounts d Aging amount for each account aunts here refe a taxi network onerators and anv other 3rd narties that connect with CTSS and update the Totlowing Dased he Totlowing Mandatory Mandatory cw ee 37 Nhe system must have a collection center that gives historical data account notes and payment histories to help with collection efforts The system must provide instant access to Collections Reports by Invoice number or by customer These reports must be viewable for 1 month 3 months 1 year or any interval specified by the user Mandatory The system must support viewing of collections Debtors information for just 1 customer or all customers Mandatory The system should support identification of collections trends throughout the year to compare monthly performance Detailed Aging Report should give a list of all outstanding Invoices Credit Debit Memo It indicates how old the debt is and displays customers taxi network operators telephone number if you need to give them a quick courtesy call Mandatory Mandatory page 9 of 35 Requirement Statement of Priority Compliance peveiopment Mandays ID Technical Requirement customers with debts of more than 90 days overdue You can send customer statements to all customers with balances or pick and choose who you want to send Mandatory statements to 3 2 3 Inter operator Set
20. off n High Contrast 4000 1 o Lifetime 100 000 hours p Mean Time Between Failure MTBF 50 000 hours q Dimensions of the panel display area Height 76 mm Width 304 mm Weight 4 5 kg or lighter r Waterproof and anti vibration IP65 s Can be powered on and off according to ignition status Ac nart nf the cithmiccinn the tenderer must nradiuco 4 6 Rear Seat Taxi Monitor 4 6 1 _ Physical specification page 14 of 35 Requirement Statement of Priority Compliance peveiopment Mandays Technical Requirement minimum specifications a Screen size Diagonal 6 5 16 9 and above b Touchscreen Interactive touchscreen c Supported resolution 640 x 480 1920 x 1080 d Physical resolution 800 H x 480 V WVGA e LCD brightness 650 cd m f Contrast Ratio 300 1 g Viewing Angle 140 Horizontal 80 Vertical h Response Time Tr Tf 6 10ms Typ i Touch Screen Interface USB port j Operating Voltage Range DC 10V 24V Mandatory k Power Supply DC 12V l Power Consumption lt 22W m Operating Temperature 10 C 85 C n Storage Temperature 10 C 95 C o Dimension mm 189 89W x 123 89H x 36 04D mm p FCC CE E13 Certification q ROHS Compliant r 24 Month Warranty s Supports Android OS Setup of rear seat taxi monitor must be secured against vandlism unintended case open theft and illegal modification Supplier Comments Application specifications Mandatory
21. policy based dynamic routing updates (Mandatory). 16.3.2 Approved Encryption used for sensitive information, e.g. O&M traffic (Mandatory). 16.3.3 Split tunnelling disallowed if VPN is used (Mandatory). 16.4 Logical Access Security: Console, Remote, Dial-in, LAN for O&M. 16.4.1 System/application authentication required on all systems & network elements (Mandatory). 16.4.2 TACACS/RADIUS/LDAP used (Mandatory). 16.4.3 User Id to privilege level matrix provided (Mandatory). 16.4.4 No attached modems. If required for OoB maintenance then modems must require a password to login and call back method implemented (Mandatory). 16.4.5 Warning banner setup (Mandatory). 16.4.6 Inactivity timeout set and activated (Mandatory). 16.5 User Account and Password. 16.5.1 Supports creation of unique Userids (Mandatory). 16.5.2 Supports privilege escalation (Mandatory). 16.5.3 Supports group privilege / Role based privileges (Mandatory). 16.5.4 Guest account disabled (Mandatory). 16.5.5 Force change user account password for first time login (Mandatory). 16.5.6 Supports password expiry, max age 30-60 days (Mandatory). 16.5.7 Supports password change, min age 2-5 days (Mandatory). 16.5.8 Supports password history, keeps > 6 previous passwords (Mandatory). 16.5.9 Supports min password length > 8 characters (Mandatory). 16.5.10 i.e. passwords must have Alpha, Numeric, Special character and be composed o
22. scratch (Mandatory). Programs and Data components within the system are sufficiently protected to enable implementation of Data Classification (Mandatory). File System security should protect and ensure that O/S and Configuration files can only be modified by privilege access with logging (Mandatory). Host Security: Network services updated with latest stable patches/fixes (Mandatory). System hardening checklist provided and signed off by vendor. Microsoft based systems also require Microsoft Baseline Security Analyzer audit report with no critical failures (Mandatory). DO e Tiesa post rin Detector System HDS stad ard acted and ais Sento SPAD raraged rewera cener 16.8.5 Yea Assessment VA performed yaad securty personnel and found dean ofonywineabiies 16.8.6 or norcstandard apatancefservers vendor has provided baseine security document containing eval rales perts and protocols reqed for sevice on estener persto 16.8.7 Preval conte to remon enredo 16.9.2 Secure remote access implemented if remote access is required (SSH) (Mandatory). 16.9.3 SNMPv2 or higher used (Mandatory). 16.9.4 Default SNMP community strings (public & private) changed (Mandatory). 16.9.5 Fixed source and destination IP used for SNMP & Syslog traffic (Mandatory).
23. travelled daily weekly monthly quarterly annually d Taxi maintenance ratio daily weekly monthly quarterly annually Zhe Mandatory Usage To analyse and compare the operational profitability of taxi operators taxi network operators Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Total operational cost daily weekly monthly quarterly annually c Total collections received daily weekly monthly quarterly annually d Total profitability daily weekly monthly quarterly annually Taxi cost recovery index daily weekly monthly quarterly annually 2 1 2 1 Mandatory s o uw aN w N A he reno NAS Generated E ANalytical KEport Taxi U ALIO ate Allaly e g 7 O otar ta operato O Ola CE Usage To analyse and monitor the taxi utilisation rate of taxi operators taxi network operators Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Total number of taxis in fleet daily weekly monthly quarterly annually Mandatory c Total number of taxis in service plying the route and actively servicing passengers daily weekly monthly quarterly annually d Total number of taxis out of service daily weekly monthly quarterly annually e Taxi utilization rate daily weekly monthly quarterly annually Date the renart was generated 2 1 2 1 page 4 of 35 Requirement Statement of Technical Requirement q Priority Complian
24. user identification, date and time, type of event, success or failure of attempt, origin of event, f) identity or name of affected data, system or resource component (14.9.4, Mandatory). 14.9.5 Synchronize all critical systems clocks and times to approved Network Time Protocol (NTP) servers of at least level 2 (Mandatory). 14.9.6 Secure audit logs so they cannot be altered and use file integrity monitoring tools to detect changes and issue alerts when such changes occur (Mandatory). 14.9.7 Limit access to audit trail logs to those with a need to know (Mandatory). 14.9.8 Keep audit logs in a central log server or media that is outside the control or access of administrators whose system components are being logged (Mandatory). 14.9.9 Keep audit logs of systems components on the external segments secured on internally hosted central log servers (Mandatory). Review logs of all system components at least daily; the following systems should be included in such reviews: security control devices like firewalls, intrusion detection/prevention tools (Mandatory). 14.9.11 Keep audit trail logs for at least 1 year; consider keeping 3 months online and the rest offline if resource is a constraint Mandator
25. using a web form or a self service portal an e mail can be automatically sent to the customer confirming that a new case record has been created z S ZIZIZ F ZIZIZZ ZIZIZIZIZIZ a 2 f z iw Mandatory A configurable case status data field is used to track the status of each case e g new escalated on hold closed etc Mandatory Any time a case record is created or updated a history record of the change is automatically created and associated with the case Mandatory A variety of predesigned case management reports are available for immediate use Mandatory Predesigned case related analytics charts and graphs are available for display on dashboards and reports Mandatory When new case records are created they can be automatically assigned to the appropriate person using predefined assignment rules Mandatory When cases are assigned to someone this person can be automatically notified of the case via e mail Mandatory Case records can be automatically assigned to a work queue using predefined assignment rules that multiple people can access them from Mandatory When working from a work queue or a list of cases a user can simultaneously take ownership of multiple case records i e assigning him or herself to the cases Mandatory When working from a work queue or a list of cases a user can simultaneously assign the ownership of multiple case records to another person or queu
26. 0 drivers Mandatory Year 2 2 700 drivers Year 3 3 700 drivers f e system and network must be able to run and support a minimum of these job Technical Requirement Development Mandays Supplier Comments 12 3 Year 1 42 900 jobs day Mandatory Year 2 58 300 jobs day Year 3 80 300 iobs day e system and network must be able to run and support a minimum of these peak job orders per hour 12 4 Year 1 6 000 jobs hr Mandatory Year 2 8 100 jobs hr Year 3 11 100 jiobs hr Web service performance 12 5 Mandatory Web services which are exposed to external parties must be able to respond to requests within 10 seconds Ormance testing Performance testing to include load testing stress testing endurance testing and spike testing This is to be done using automated tools such as but not limited to LoadRunner Jmeter Rational Application Development suite Tenderer can propose a better tool if possible Performance testing should provide the following details a Concurrency Throughput b Server Rie time 12 7 Able to perform and support concurrent handshaking session with up to 20 taxi network operators Handshaking should include encryption e g SSLhandshake Mandatory 13 Client Sree of Booking Application Portal 13 1 Desktop screen resolution Screen resolution support should be flexible and configurable It should support screen resolution of 1024 onwards Manda
27. 4 1 2 1 OBU supports interface to taxi fare meter This interface must be tamper proof 4 1 2 2 Must comply with JPJ s regulations on taxi meter specification and use The OBU must be able to integrate with the taxi meter via RS232 to extract these parameters from the taxi on a periodic basis e g once an hour and transmit it to the Taxi Control Centre a Total Travelled Distance Km b Total Hired Distance Km c Total number of hired trips d Total number of trip in after midnight when surcharge is applied e Distance travelled breakdown by trips Km f Time of each hired trip YYYYMMDD hh mi ss 4 1 2 4 g Daily total travelled distance h Daily operating starting time i Daily total hired distance j Drops total fare k Daily total amount l Daily total number of hired trips m Paid Km n Start Date & End Date 4 1 2 5 The OBU must be able to activate or deactivate the taxi meter via the RS232 connection Application specification 4 1 3 1 OBU supports audio input and output 4 1 3 2 OBU application must support 2 language options which include Bahasa Malaysia English a Pickup point b Destination c Customer name d Customer contact number e Number of passengers for the trip f Luggage space requirement g Additional remarks from passengers e g special requests from passengers h Route of trip i ETA Alata
28. Check the list of user accounts against the AD LDAP for users who have left the company and then disable and flag them for removal within a reasonable period of time Optional e g remove dormant accounts after 3mths Monitor logs for intrusion regularly and escalate suspicious activities to the security teams Mandatory Able to define common and specific roles tied to the authorization access rights for a more structured access matrix definition and ease of maintenance Mandatory Able to define grant the lowest level of access rights display rights create rights change rights delete rights etc Mandatory Able to create user ID as per user defined parameters and user access groups e g group by VIP LOA etc Mandatory Ability to request for new password under all scenarios Mandatory System must have administrative function to enable administrator to configure modify roles access rights and access groups Mandatory Does the application come standard with System Administration Menu that consists of an easy to define and maintain Authorization Maintenance function Mandatory Able to clearly design and segregate internal and external type of access to protect and detect wrong assignment of internal access right to external parties Mandatory Does the application come standard with System Administration Menu that consists of online real time system monitoring with the ability to perform system health 15 9 14 i k Mandatory check and diagnosis to analyse
29. From APPENDIX 5 To be copied to submitted APPENDIX 5 by Tenderer Statement of Compliance Please rate each of the requirements against your Sao platform as follows 4 out of the box or configuration using business user tools 3 minor development 2 days or less coding unit testing 2 major development 3 days or integration to another system Centralised Taxi Service System CTSS Functional Requirements A Functional Requirements Requirement Statement of Priority Compliance ID Technical Requirement Development Mandays Supplier Comments 1 Application Software Taxi Control Centre Centralised Booking amp Dispatch In Taxi Vehicle Equipment Scope of application software Perform requirements gathering Deliverables must include but not limited to the following User Requirement Specification includes functional requirements non functional requirements use case analysis System Requirement Specification includes software hardware and networking requirements specifications Functional Specification Perform application design Deliverables must include but not limited to the following Technical Design Specification includes functional designs user stories graphics design mockups usability studies UML diagrams business process diagrams data Mandatory Mandatory Mandatory Mandatory Mandatory e Mandatory model specifications etc 1 1 2 2 High Level Design
30. TP Request and URL Content Monitoring page The proposed solution shall be able to simulate web transitions Support a series web page transaction For example log into web mail access mail inbox and log out Ability to check for keywords for each step or web page access Mandatory Ability to record the time taken for each step or web page access The proposed solution shall be able to monitor the health status of the database The proposed solutions shall be able to monitor Windows services using WMI 8 4 Capacity planning System is to design for 5 years capacity Tenderer to provide detailed capacity sizing breakdown and justify it based on transaction volume Mandatory J Data Retention Policy All system logs transactional logs and database logs must be stored at least for 7 years for auditing and investigation enforcement purposes Project nomenclature Standard naming convention shall be used for all source codes environment documentations Version control All source codes documentations configuration and other deliverables in the project must be version controlled Delivery approach a Custom development resources should be based on site at SPAD office b Package sla ree amp integration resources should be based on site at SPAD office Technical Requirement Development Mandays Supplier Comments Mandatory Mandatory Mandatory Highly desirable D 9 PEE amp Testing Procedure 9 1 On T
31. No insecure network services enabled e g FTP TFTP Telnet r services RPC NFS NetBIOS X Windows Naming Services POP3 SMTP etc Unused network interfaces have been disabled e g Bluetooth Wi Fi eth2 16 10 Maintenance & Support 16 10 1 Maintenance Support plan includes continuous fixes patches to be provided and supported by vendor Mandatory 16 10 2 Support contact information and escalation process provided Mandatory General Questions General Please propose an offer whereby a public private partnership PPP model is used ID Services and Support Please describe the location of the support team after the project S2 Please describe the option and costs around levels of support S3 Please describe the numbers of support core platform development and professional services resources available and their geographic location S4 Please describe the ongoing relationship that SPAD will have with you once contracts are signed S5 Please describe the extent of warranty provided with the implementation duration cost process for accessing it S6 Please describe the ongoing Application Maintenance services recommended application operations maintenance and support S7 After go live what is the process and cost structure for implementing a small change e g 3 days S8 After go live what is the
32. agement database and presentation are logically separated for a scalable system a Presentation tier displays information related to such services as playing back taxi route listing business rules configured It communicates with other tiers by outputting results to the browser client tier and all other tiers in the network b Application tier coordinates the application processes commands makes logical decisions and evaluations and performs calculations It also moves data between Mandatory the two surrounding layers c Data tier Data is stored and retreived from a database or file system The information is then passed back to the logic tier for processing and then eventually back 1 2 1 page 1 of 35 Requirement Technical Require t echnical Requiremen Priority Development Mandays Supplier Comments anguages to be supported a Taxi Command amp Control Centre Bahasa Malaysia English 1 2 2 b Centralised Booking amp Dispatch Bahasa Malaysia English Mandatory c In Taxi Vehicle Equipment Bahasa Malaysia English i i i Bahasa Malaysia Engli Information displayed on the In Vehicle Equipment Taxi Control Centre and all reports must be localised to Malaysian values e g a Time zone 0800 GMT Taxi Control Centre Centralised Taxi Booking amp Dispatch and In Taxi Vehicle Equipment to be integrated a Standardised user interface as defi
33. all Pickup Response Time Peak & Non Peak Mandatory Drop Call Analysis Peak & Non Peak Call Operator Performance Analysis 3 7 Customer Relationship Management Note The CRM system proposed must be flexible and scalable enough to be able to add on other modules e g Sales Mandatory would be used for CTSS as well as for complaints Management Department CMD If CTSS detects an offence has occurred Fleet Management System will automatically create a case in CRM which will be automatically routed to Complaints Management Department CMD in SPAD It will also automatically transmit a warning message to the OBU in the offending taxi to warn the driver that he she is committing an offence Upon receiving this case CMD will then investigate based on the details provided and if CMD confirms that it is a valid offence then CMD will log the case within ISPAA Once the case has been logged with ISPAA SPAD Enforcement will then proceed to raise the Investigation Paper IP and take action against the To supply install configure and maintain application servers storage and network equipment for Customer Relationship Management CRM System Mandatory 3 7 3 Allow help desk team to register a customer account on behalf of the network operator passwords are auto generated and emailed to customer Mandatory 3 7 4 Able to track and manage network operator s profile Mandatory
34. ance Development Mandays Supplier Comments a Taxi Network Operator confirms the booking via athe web booking portal as outlined in section 3 1 2 3 and informs the passenger via the web portal the details of the taxi a Taxi registration number 3 1 3 3 Estimated time of arrival ETA Mandatory c Estimated fare d Driver s name 13 1 4 kf Taxi Network Operator Forwards Sells the Job to Other Networks Mandatory s i a Taxi Network invokes the SPAD CTSS order forwarding application portal also in scope within this CTSS RFP to sell the job to other taxi networks On this portal the operator fills in the following details i Passenger name ii Pickup point location in terms of exact coordinates iii Destination iv Date and time when booking was made by passenger b The job details are received and processed by Taxi Order Forwarding Engine a component in CTSS Centralised Booking amp Dispatch and relayed to all taxis connected to CTSS except taxis associated connected to the originating taxi network operator taxi operator c Meanwhile in each of the taxis the job details are displayed on the on board units also in scope within this CTSS RFP and the taxi drivers are alerted via audio alerts d Once a taxi driver accepts the job the details of the driver are transmitted by the on board unit OBU to the Taxi Order Forwarding Engine The details are i Taxi registration number ii Est
35. and send this kind of information to taxis to try to get more customer there and to increase the income Mandatory Mandatory Able to automatically coordinate 2 way data transmission receiving and handshaking from all taxis to the Taxi Control Centre regardless of weather conditions i e data transmission and receiving must be possible even in inclement weather Data captured must include all but not limited to data parameters specified under the Performance Management System and Fleet Management System sections above Mandatory Mandatory Able to report on drivers behavior which includes but not limited to the following a Speed Violation including the number of occurrence for each violation and flag out the top 3 most frequent violations b Harsh Braking c Harsh Acceleration Mandatory d Taxi Meter Disconnection e Onboard Unit Disconnection 2 5 1 To supply install configure and maintain application servers storage and network equipment for Driver Tracking System ____ o o U Oo 2 6 1 To supply install configure and maintain application servers storage and network equipment for Merit Demerit System ss Able to keep track and record merit and demerit points operator licensing vehicle and driver details for taxi drivers taxi operators and taxi network operators based on data flowthrough from DIS ne aLa e and ax en e dera na nave exceeded a nre daemnea numpnerc Q ala an una De me ame 2 2 2
36. andatory Mandatory Mandatory Mandatory Mandatory 1 1 6 1 Unit Test Mandatory 1 1 6 2 Integration Test Mandatory 1 1 6 3 System Test Mandatory 1 1 6 4 User Acceptance Test Mandatory 1 1 6 5 Performance Test Mandatory 1 1 6 6 Operational Readiness Test Mandatory 1 1 6 7 Post Deployment Test Mandatory The following aspects must be configurable and not hard coded a Business rules e g taxi dispatching rules rule to determine data mining criteria to analyse data b Tariff for inter operator settlement rates c Alarm thresholds to trigger alerts alarms to call centre personnel manning the Taxi Command & Control Centre e g to alert when offence occurs d Content e Maps should be enterprise edition with richer features e g point of interest f MSISDNs to send notification to passengers to verify confirmed bookings Mandatory Reports Operational and Analytical reports Note This must be part of the requirements gathering design build test and deploy delivery lifecycle Documentation Reports user requirements specification functional design technical design application diagram & setup user manual & standard operating and maintenance procedure including operations manual service level agreement SLA training handbook 1 2 General requirements Multi tier architecture whereby applications processing business rules data Man
37. as few seconds delay caused by mobile network latency Routing information of current order or last order can also be shown Furthermore Taxi Command & Control Centre Operator will also be alerted if any aggressive driving or customize events happened and can show taxi log data in a chart for example the speed range of the taxi Mandatory 2 3 GIS Maps Mandatory 2 3 1 To supply install configure and maintain application servers storage & network equipment for GIS and Map solution 2 3 2 Able to find origin and destination address on a map based on street name business name places of interest postcode GPS coordinates and others Have geo coding as part of location management functionalities Geocoding enables to convert any street address or zip postal code into associated geographic coordinates longitude latitude and display it on the map This feature offers the user possibility to a Quickly search for particular location points of interest POIs b Map multiple locations at a time Mandatory Able to support multi layered map to support road aerial and hybrid modes Mandatory Able to view job orders on a map real time with ability to access information about the job including but not limited to the following a Job details when driver accepted jobs e g customer contact pickup dropoff locations Mandatory b Passenger name and other relevant information 2 3 7 Map should be a
38. ble to show up till street level 2 3 8 Map must show the latest road terrain condition 2 3 9 Map server comprise of updated GIS map system 2 4 Auto Data Capturing Obtain vehicle fault data information through proposed In vehicle Unit The fault data should be recorded in device stored in system and displayed in statistical report form Mandatory Vehicle driver can check the statistic report for the detection and supervision to identify the vehicle condition proactively and statistically Capture real time position data GPS coordinates latitude and longitude of taxis on periodic basis once in 5 minutes or once every 500 metres whichever occurs earlier so that the data can be used to perform a Latest Tracing Display Playback b Real time Position Viewing Mandatory c Real time Speed Trend Viewing d Distance travelled by taxi and driver a Path and Journey Recognition b Journey Kilometer Calculation c Journey Average Speed Statistic Mandatory d Dangerous Behaviour Recognition e View and playback past path tracking a ourne nce on GIS map Log the information such as driver behavior RPM speed GPS location any harsh brake or acceleration etc Alert message will be triggered to the taxi driver and operator for notification if certain event happens such as harsh brake or speeding Collect traffic condition and taxis trajectories as probe data to profile road network and identify potential high pick up zone
39. ce Able to perform data mining and perform detailed analysis of the data captured in CTSS in order to detect offences committed by taxi drivers This is done when the data mining module detects anomalous conditions above a pre defined threshold These insights will also be channelled into reports generated by the system E g if a taxi is driven over a long distance but the percentage of time when the meter is turned on falls below a certain pre defined threshold then CTSS must flag this out to the Taxi Command & Control Mandatory Driver information that needs to be synchronised includes but is not limited to a Driver s name b Driver s age c Driver s date of birth Mandatory d Driver s driving licence details e g licence class licence number e Driver s IC number f Driver s past traffic offences g Outstanding summonses Able to interface with SIKAP the followings are information from SIKAP to be shared with CTSS a Licensing information b Operator information CG ween information Mandatory d Zoning information Driver information Fleet Management System Mandatory 2 2 1 To supply install configure and maintain application servers storage and network equipment for Fleet Management System Able to view and track taxi vehicle location and movement in real time The observation frequency suggested are a Once every 5 minutes and or
40. d daily monthly quarterly yearly Dates and times when the accidents occurred in YYYYMMDD hh mi ss format s page 3 of 35 Requirement Statement of Priority Compliance Date the renn ALA aene ar Operational Report Distance travelled and fare charged per trip broken down by taxi drivers Usage To track and monitor any anomalies with regards to taxi fares charged by drivers based on distance and to facilitate trending and planning e g with regards to taxi fare review In addition this information will be used to facilitate enforcement Fields includes the following but not limited to these a Drivers names b Company that the driver is attached with c Taxi Network Operator that the driver is attached with d Start datetime and end datetime for each trip Mandatory e Distance travelled for each trip f GPS coordinates of the trips to enable playback of trip g Fare charged per trip h Taxi meter status for each trip e g active inactive i Start datetime and end datetime when the taxi meter was activated j Date the report was generated a al Report Taxi ide Breakdo Kate Analyst Usage To track and monitor the rate of taxi breakdowns based on taxi operators and taxi network operators Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Number of breakdowns daily weekly monthly quarterly yearly c Location of breakdowns to identify hotspots Cause
41. d upper case characters numerals 0 9 and special characters like Mandatory 15 3 8 The application does not accept password change initiated by non human account Mandatory 15 3 9 The application must validate the user s credentials on each session so that revoked credentials are immediately barred from access to the application Mandatory 15 3 10 The web application use POST method for transmission of user input Mandatory 15 3 11 The application or database should not store user credentials hardcoded or in plain text within the application Mandatory 15 3 12 The application have an account lockout feature to address cases where the user s credentials are entered wrongly a few times consecutively Mandatory 15 3 13 The application must support creation and using User Groups or Role Based Access for privilege management Mandatory 15 3 14 Privilege assignment in the application must be granular enough to support the principle of least privilege Mandatory The application must be able to authenticate to a central trust architecture like Active Directory AD Highly desirable At present SPAD does not have AD infrastructure The tenderer should propose AD if needed The application must prevent the creation of duplicate User ID Every module page hosting sensitive data are being checked for authorization before they are being served by the application Confi
42. details of the driver are transmitted by the on board unit OBU to the Taxi Order Forwarding Engine The details are i Taxi registration number ii Estimated time of arrival ETA iii Estimated fare iv Driver s name e The Taxi Order Forwarding Engine records this as a transaction that is fulfilled by a taxi connected to Taxi Network B assuming that the taxi that accepted the job is connected to Taxi Network B and are viewable via the application portal by the operator Meanwhile the Taxi Order Forwarding Engine sends the following details to the originating Taxi Network Operator within 10 seconds and subsequently the originating Taxi Network Operator pushes the following details to the passenger s booking app i Taxi registration number ii Estimated time of arrival ETA Mandatory Mandatory page 8 of 35 Requirement Statement of Technical Requirement Development Mandays Priority Compliance a Taxi Hebwonk eke the SPAD CTSS order Aan web API ass in scope within this CTSS RFP to sell the job to other taxi networks On this portal the operator fills in the following details i Passenger name ii Pickup point location in terms of exact coordinates iii Destination iv Date and time when booking was made by passenger b The job details are received and processed by Taxi Order Forwarding Engine a component in CTSS Centralised Booking amp Dispatch and relayed to all taxis connected to CTSS except taxis as
43. ducted in a classroom set up with adequate hands on training to the participants Mandatory System Training Mandatory Supplier to conduct System Training to the identified personnel who will maintain and operate the applications related to the Taxi Command amp Control Centre and A Mandatory Centralised Taxi Booking amp Dispatch including Call Centre page 15 of 35 Requirement Statement of Technical Requirement Priority Compliance Development Mandays Supplier Comments ystem training shall comprise Technical data and network architecture Configuration Management User ID Management Mandatory System Installation System Monitoring 0 z PO O T DO T ees nowledge Transfer ne Supplier sna j a Dasis ondu owledge a e TOUOwIN audie Taxi drivers Taxi Command amp Control Centre SPAD Information Technology SPAD Road Based Licencing SPAD mangers Complaints Management SPAD Enforcement SPAD g axi Network Onerato 5 6 Stakeholder Engagement Mandatory The supplier shall support SPAD in all stakeholder engagement sessions as necessitated by SPAD Mandatory B Non Functional Requirements Requirement Statement of ID Technical Requirement TR A Priority Compliance Development Mandays Supplier Comments 6 Software Hosting amp Licensing i Software hosting Mandatory The supplier must install the software in house hosted in SPAD environment If th
44. e Mandatory When working from a work queue or a list of cases a user can simultaneously change the status of and escalate multiple case records Mandatory When working from a work queue or a list of cases a user can simultaneously close multiple cases Mandatory Case escalation rules can be defined that will control the automatic escalation of a case if it is not resolved within a certain period of time Mandatory Case escalation rules can be defined that will control the automatic escalation of a case when specified conditions are met including values input into custom data fields Mandatory 3 7 60 The system must allow for configurable service level agreement management Mandatory 3 8 Customer Relationship Management Integration to the Mitel IP Pabx System with Screen Pop Function The proposed CRM must be able to support the Mitel IP Pabx system with Contact Center Solutions that required having a Computer Telephony Integration CTI function to support Screen Pop functionalities of the caller information via Caller ID The system shall have the support of the Contact Center Solutions which is based on Web Based system The system proposed shall provide the Integration required of the CRM to the web based system proposed here with the Screen Pop Functionalities The CRM system shall support at the initial of 32 Agents and up to maximum of 150 Agents and fully integrate with the Mite
45. e supplier wishes to propose a cloud computing model the supplier should quote the hosted option as the primary option with associated costing and the cloud computing option as the secondary option with its associated costing The supplier shall supply system software such as operating system database antivirus intrusion detection system etc Mandatory This applies on both the primary site and the DR site Software licensing amp support Software licence pricing should be either open source or based on perpetual software licence However annual software licence can be considered with strong justification Mandatory Mandatory 6 2 2 The software proposed must have extensive vendor and industry support i e it must be used in at least 10 active implementations worldwide Mandatoy J 6 2 3 The supplier is responsible for supplying 3rd party software that will enable the web services to be exposed to taxi network operators Mandatory J 7 Back end Infrastructure and Hardware o supply install configure and maintain application servers storage and network equipment for project Note At present SPAD servers are all virtualized and runs on VMWare platform Hence the preferred solution should be based on virtualised solution rather than Mandatory physical servers erver operating system Windows Server minimum Standard Edition Linux minimum Enterprise Edition Depends on
46. ecord enearo Supplier Comments Each view comes with native analytic or dashboard for graphical presentation of the CRM record being viewed Mandatory Personalized conditional formatting can be applied to each view to highlight CRM records Mandatory Each view can be personalized by the user to enrich the experience Mandatory The CRM system must provide data search capability on every views Mandatory The search capability can be configured to search over pre configured columns in the views Mandatory The CRM system shall be able to search and index all documents stored in the repository as well as the information on the database Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory 3 7 35 A workflow engine is available to help implement best practice case management activities 3 7 36 Solution records can be associated with hyperlinked to case records 3 7 37 Open and closed completed customer service and support activities can be associated with hyperlinked to case records 3 7 38 Comment and note records can be input into case records 3 7 39 Mandatory Mandatory Mandatory Documents and files can be associated with hyperlinked to case records Mandatory When a new case record is created via customer input
47. es should be reviewed regularly to ensure the services rendered are secure Mandatory fo 14 1 5 Network and Systems design documents detailing the storage access transport protection of SPAD related data should be kept current to enable audits Mandatoy Jo 14 2 Access to Systems and Applications Mandatory oP 14 2 1 Ensures that the applications servicing SPAD are secured and access to these applications are managed effectively to allow only authorized users access to them Mandatory ff 14 2 2 Public accessibility of the system component should be prohibited from all vectors of access e g wired and wireless Mandatory J Data repositories containing SPAD confidential data Database files etc should be placed in a securely protected internal network segment and encrypted using the latest available and secured technology Access to such data should be limited to only to authorized users under the control of the Service Provider and authorized to work on the contract The authorized user list for both application and systems must be validated periodically to ensure the list is current Remote access to such data should be strictly controlled and monitored to ensure network connectivity is made over encrypted secure channels and authentication Mandatory Mandatory Mandatory performed to validate the authorized users Mandatory 14 3 System and Application configuration Mandatory PT
48. ession ID is dynamically generated for the user accessing the application Mandatory PO _ 15 5 6 The application is prohibiting session based Cache Mandatory PO 15 5 7 The application is design to enforce the use of non persistent cookies Mandatory PO 15 5 8 The application logs must be stored separately from the application binaries so that access is not available thru the application Mandatory OP 15 5 9 The application must generate Audit Account Management logs Mandatory PO ee ee 15 6 1 Must store passwords in an encrypted form using a one way hash algorithm e g MD5 Mandatory PP _ 15 6 2 Must store password files separately from the main application or system data or apply stronger protection to the password file Mandatory OP 15 6 3 Must not display passwords on the screen when being entered Mandatory PO 15 6 4 Shall enforce a configurable password expiration between 30 to 60 days depending on its criticality ptional o e T O _ 15 6 5 Shall enforce password change by users prior to expiration Mandatory PO 15 6 6 Must enable lock out control on user accounts after a reasonable number of unsuccessful attempts usually 3 Mandatory _ 15 6 7 Must provide a secure method for users to change their passwords Mandatory PO 15 6 8 Shall provide audit trail of authentication successes and failures Mandatory PO 15 6 9 Must allow creation and usage of unique individual User ID users should not be forced to use a
49. esting Procedure able to develop and maintain test data and repositories Mandatory Unit Testing Functional Testing System Testing Performance Testing Load Testing Stress Testing Mandatory Integration Testing Regression Testing i Security Testing j Post Production Testing All the tests specified in Testing Procedure except for User Acceptance Test will be carried out by the Appointed Vendor to test and will be reviewed by MSTB which shall act as the independent verification and validation (IVV) organization appointed by S.P.A.D On Testing Procedure able to and flexible to comply with SPAD documentation standards, testing specifications and requirements Mandatory On Testing Procedure able to perform good and truthful recording and reporting of test results. On request able to conduct walkthrough of test results with SPAD Mandatory On Testing Procedure able to correct defects in a timely manner which does not impact the overall project timeline and recall for testing again Mandatory On Testing Procedure specifically on User Acceptance Test able to plan and conduct a smooth User Acceptance Test with environment, data, test script, test cases and clear instruction to assist Users to test fully and comprehensively all the processes, the different scenario and all the critical functionalities within the new system Mandatory On Testing Procedure specifically on User Acce
50. f mixed case Mandatory 16.5.11 Disallows use of passwords from dictionary list Mandatory Password not stored in clear text Mandatory Default passwords disabled/changed Mandatory Password not hard coded anywhere in the system e.g. applications, scripts, batch files Mandatory Password masked when being input Mandatory Remote passwords must not be transmitted in the clear e.g. use SSL, HTTPS Mandatory Lock and log after min of 3 and max of 5 unsuccessful login attempts Mandatory Display date & time of previous successful login after successful login Mandatory Display details of unsuccessful login since the last successful login Mandatory Privileged Userid e.g. Root to be handed over to Ops & Changed Mandatory Security Logging and Auditing for O&M Security events log enabled for all type of access e.g. console, remote terminal etc. Mandatory Log time & date available Mandatory Log entries be sent to remote log server e.g. using syslog Mandatory Time sync performed on SPAD time server (NTP) Optional Application Security Applications updated with latest patches at time of release Mandatory All services not required by the system are turned off Mandatory All test and pre production data, scripts, programs removed Mandatory Backup BCP arrangements agreed and documented Mandatory Rebuild Restore Recover process, media and documentation has been provided in sufficient detail to build system from
51. g proper quality of communication service i Receives either by regularly polling or event based triggers from taxi network operators the following KPI data: On time delivery, Non delivery, No Show, Abandoned calls percentage, Rejection percentage, Average hold time, Average Call time Mandatory Section 3.4 has been removed Computer Telephony Integration (CTI) Mandatory To supply, install, configure and maintain application servers, storage and network equipment for Computer Telephony Integration Mandatory Able to popup screen when calls are routed. Pop up screen must contain the following a Automatic Number Identification (ANI) b Dialled Number Identification Service (DNIS) Mandatory b MSISDN b Customer name if customer profile is already registered in the system Able to perform automatic dialing Mandatory Able to function as a basic phone Mandatory Able to perform call transfers Mandatory Call logging and auditing Mandatory Able to record, store and retrieve telephone calls for quality improvements later Mandatory Able to provide reporting on analysis on call rate, no of drop call, average call duration, average response time etc. and other standard call centre reports Mandatory Able to report on call centre performance which includes but not limited to the following a Incoming Call Analysis Peak Non Peak Answered Drop b Call Duration Analysis Peak & Non Peak C
52. guration Management The application configuration data and files are secured with appropriate file permissions Default TCP ports are configured for the application and other associated components Sensitive Data The error messages generated by the application are checked to ensure no sensitive information is passed back to the user e.g. Keys, query statements, other variables and values, debug information etc. Mandatory Mandatory Mandatory Mandatory Mandatory 15 5 1 Mandatory 15 5 2 All sensitive PII data as specified by the business sponsor must be encrypted Mandatory 15 5 3 Any application functions to transfer PII data to 3rd party must get clearance from Security team in SPAD Mandatory 15.4 Availability Management Mandatory 15.4.1 The application must be designed and provisioned for business continuity disaster recovery Mandatory 15.4.2 The application is designed with High Availability (HA) Mandatory 15.5 Session Management 15.5.1 Authentication Cookies transmitted securely during transmit Mandatory 15.5.2 The content of authentication cookies are encrypted Mandatory 15.5.3 The application supports idle session timeout of 30 minutes Mandatory 15.5.4 The application enforces re authentication after idle session timeout Mandatory 15.5.5 A non predictive s
53. he following but not limited to these a Drivers names b Company that the driver is attached with c Taxi Network Operator that the driver is attached with Mandatory d Booking time i.e. exact time that the taxi booking request is sent by passenger in YYYYMMDD hh mi ss format e Dispatch time i.e. exact time that the taxi is dispatched to the passenger in YYYYMMDD hh mi ss format f Dispatch SLA missed by time i.e. the time that the SLA is missed in hh mi ss format g Passenger pickup time i.e. exact time that the taxi picked up the passenger in YYYYMMDD hh mi ss format ad h i h tha Cl A ic miccad in hh mi ce 2.1.2.3 Operational Report Average waiting time for taxis by taxi operator for peak & non peak hrs Usage To determine the waiting time for taxis as a proportion of the total trip time. This is to determine traffic patterns and to be used for planning purposes e.g. when reviewing fares Fields includes the following but not limited to these a Drivers names b Company that the driver is attached with c Taxi Network Operator that the driver is attached with d Start datetime and end datetime for each trip e GPS coordinates of the trips to enable playback of trip f GPS coordinates of the locations where the taxi waiting time exceeds a threshold pre defined by SPAD (different threshold set for peak and off peak periods) g Wait times in seconds broken down and rolled up per trip
54. imated time of arrival (ETA) iii Estimated fare iv Driver's name e The Taxi Order Forwarding Engine records this as a transaction that is fulfilled by a taxi connected to Taxi Network B (assuming that the taxi that accepted the job is connected to Taxi Network B) and are viewable via the application portal by the operator. Meanwhile the Taxi Order Forwarding Engine sends a notification SMS to the passenger via SMS gateway (also in scope within this CTSS RFP) within 10 seconds. The notification SMS contains at minimum the following details i Taxi registration number ii Estimated time of arrival (ETA) 3.1.4.1 a Taxi Hewan invokes the SPAD CTSS order forwarding web API (also in scope within this CTSS RFP) to sell the job to other taxi networks. The input parameters would include the following i Passenger name ii Pickup point location in terms of exact coordinates iii Destination iv Date and time when booking was made by passenger b The job details are received and processed by Taxi Order Forwarding Engine (a component in CTSS Centralised Booking & Dispatch) and relayed to all taxis connected to CTSS except taxis associated connected to the originating taxi network operator taxi operator c Meanwhile in each of the taxis the job details are displayed on the on board units (also in scope within this CTSS RFP) and the taxi drivers are alerted via audio alerts 3.1.4.2 d Once a taxi driver accepts the job the
55. k Phonebook & Contact Management 2.2.7 Fleet management server comprises performance monitoring application for SPAD operation and taxi management for taxi operator. This server shall communicate with the OBU installed in each taxi 2.2.9 Vehicle location for relocation re deployment Analyze the concentration of customers based on booking data to relocate taxi to more productive area Taxi Command & Control Centre Operator can easily monitor and check the location and status of taxis to see any abnormal activities through the Execution Overview screen. For example they can check whether any taxis go outside their authorized service zone (if the company divides the territories into different service zones) or areas taxi is not allowed to go. Furthermore Call Center Operator also can track any abnormal journeys with the taxi status Available, which might be a non meter driving trip taking place right now Mandatory Graphical user interface that shows taxis details on a map so Taxi Command & Control Centre Operator can more easily recognize the location and status of taxis. Taxi's current location will also be shown on the map and also taxi status such as Vacant, Reserved, Hired or Out of Service. Moreover taxi Mandatory information is near real time as it only h
56. l Contact Center system used in SPAD. When an agent in the contact center receives a call the caller ID information is available and a Screen Pop of the caller information should be presented to the agent before answering the call 3.8.6 The system shall support Web Page from the Contact Center Screen Pop function that launches the Caller Profile when an agent answers an ACD call. Please refer addendum on Contact Center Screen Pop application or Web page when agent answers an ACD Call 3.9 CRM Integration to ISPAA and SIKAP 3.9.1 CRM must be integrated with ISPAA and SIKAP. Please refer addendum on ISPAA and SIKAP background 4 1 500 In Taxi Vehicle Equipment 4.1 On Board Unit (OBU) Physical specification OBU casing must be ruggedized and must withstand the following temperature range 4.1.1.1 a 0C to 60C 5 to 95 non condensing operating Mandatory b 20C to 80C 0 to 95 non condensing storage UBU U DE PTeTeraDIY ade Up O dela aD a Screen b Interface terminal unit that can act as a bridging interface between the 12 types of taxi meters authorised by Jabatan Pengangkutan Jalan Malaysia and Android smartphones and tablets Mandatory Hence it must contain both a USB ports b Serial ports Mandatory Mandatory Mandatory Mandatory
57. me components but allows the user to continue using the software. Initial installation milestones are at minimal risk. Severity 1 being most severe while Severity 4 being less severe a Severity 1 Production server or other mission critical system(s) are down and no workaround is immediately available 11 Disaster Recovery Business Continuity Backup & Replication 11.1 Disaster Recovery Disaster Recovery (DR) site from SPAD's other office premise (SPAD HQ Platinum Sentral) Mandatory Business Continuity 11.2 Failover to DR site if a failure occurs shall be automatic with no loss in data during the failover. It should also be seamless to taxi network operators and passengers Mandatory The tenderer must successfully conduct at least 1 cycle of failover testing Backup Mandatory Data backup shall be taken off the primary site once a day and backed up onto SAN storage. However tenderer can propose a better backup solution Replication Mandatory Data must be replicated real time (active active) between the primary site and DR site 12 Performance Criteria The system and network must be able to run and support a minimum of these number of users per day i Year 1 3,900 drivers Mandatory Year 2 5,300 drivers Year 3 7,300 drivers The system and network must be able to run and support a minimum of these peak number of users per hour 12.2 Year 1 2 00
58. mmendations made by the IVV to ensure the quality of the TPM system and its operation meets the needs and requirements Mandatory 10 Service Levels Hours of operation downtime window Mandatory Hours of operation 24 hours X 7 days Mandatory Downtime window 3 hours between 2 am 6 am Availability per calendar month 99 aK Mandatory allover interruption e g On loss OF WeD a RSO 50 of service performance b RTO < 2 hours Mandatory c RPO close to 0 Severity 1 2 hours Severity 2 12 hours Severity 3 48 hours Mandatory Severity 1 2 hours Severity 2 12 hours Mandatory Severity 3 48 hours All or a substantial portion of mission critical data is at a significant risk of loss or corruption. There is a substantial loss of service. Business operations have been severely disrupted. Severity 1 support requires you to have dedicated resources available to work on the issue on an ongoing basis during your contractual hours b Severity 2 Mandatory Major functionality is severely impaired. Operations can continue in a restricted fashion although long term productivity might be adversely affected. A major milestone is at risk. Ongoing and incremental installations are affected. A temporary workaround is available c Severity 3 Partial non critical loss of functionality of the software. Impaired operations of so
59. nable these reports to be utilised by other parties within SPAD e.g. dashboard system Mandatory a GUration OT service covered DY taxi operato UpeTa oq Usage To determine if taxi drivers are covering the minimum operating daily distance as mandated by SPAD Fields includes the following but not limited to these a Drivers names b Company that the driver is attached with Mandatory c Taxi Network Operator that the driver is attached with d Operating distance travelled by the driver from 00 00 23 59 hrs on that day e Operating time that is travelled by the driver from 00 00 23 59 hrs on that day 2.1.2.1 Beate orra Report CShThibarrsorro OUT passevive D ap Dy taxr operators Usage To determine the no of passengers picked up by passengers on a daily basis Fields includes the following but not limited to these a Drivers names b Company that the driver is attached with 2.1.2.2 c Taxi Network Operator that the driver is attached with Mandatory e The total number of passengers picked up by the driver in that day f The number of trips completed by the driver in that day g The number of passengers picked up by the driver for each trip (exact, not estimate or average) h Start datetime and end datetime for each trip Usage To determine how closely the taxi operators and taxi network operators meet their SLAs. This will also be used to monitor and track taxi ridership Fields includes t
60. ned by SPAD during the Requirements Gathering session Mandatory b Receive, store and process external data received via secure data transfer mechanism over web services e.g. SOAP over HTTPS web services, REST over HTTPS web services etc. The protocol must be an open standard Web based interface and accessible via Internet and intranet Mandatory Supports role based access on users so that only eligible users can view, update or delete data based on the roles assigned to him/her Mandatory Reporting features include development of standard reports, ability to create new reports by user and ability to query based on input parameters Mandatory Intellectual property rights including interfaces and source codes to be owned by the Government of Malaysia. If source codes cannot be handed over to SPAD or the Government of Malaysia then the supplier must deposit the source codes in escrow and must also demonstrate that the source code works Mandatory b Currency RM Performance Management System for taxis Mandatory To supply, install, configure and maintain application servers, storage and network equipment for Performance Management System Mandatory Provides capability to generate reports on the performance of taxi operators and driver including but not limited to the following for forecasting and data planning purposes. The reports must be able to be exported to other formats e.g. xls, csv, txt, rtf. This is to e
61. ng is accepted via the taxi network operator Mandatory c If the taxi network operator is able to dispatch a taxi within the same network to the passenger the process completes as per status quo (outlined in section 3.1.3). Else the taxi network operator invokes SPAD's web APIs (also in scope within this CTSS RFP) to sell the job to other taxi networks via CTSS (outlined in section 3.1.4) Taxi Network Operator Accepts the Job Mandatory Taxi Network Accepts the Job Source of Booking Phone Booking a Call booking operator confirms the booking in the same phone call (as outlined in section 3.1.2.1) and informs the passenger the details of the taxi a Taxi registration number b Estimated time of arrival (ETA) c Estimated fare d Driver's name Mandatory Note If the passenger is unable to hold the call e.g. due to an urgent incoming call for the passenger then the system should have the capability of sending notification SMS to the passenger displaying the following details a Taxi registration number b Estimated time of arrival (ETA) a Taxi Network Operator confirms the booking via the booking app (as outlined in section 3.1.2.2) and informs the passenger via the booking app the details of the taxi a Taxi registration number b Estimated time of arrival (ETA) c Estimated fare d Driver's name Mandatory
62. ngers that have been dispatched fulfilled with a taxi within the area Number of oversupply Note this value is tentatively based on Number of taxis actively plying the route, Number of passengers that have placed booking within the area. If there is an oversupply situation this value will be positive. However if there is an undersupply then this value will become negative i Percentage of oversupply ary aly DY ax operato Usage To analyse and monitor the taxi fare charges based on taxi operators and taxi network operators. This is to determine fare patterns and to be used for planning purposes e.g. when reviewing fares Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Observation window start datetime c Observation window end datetime d Total fare collection within the observation window in RM e Number of trips completed within the observation window 2.1.2.9 Mandatory Usage To track and monitor the accidents and flag out the top 3 taxi operators taxi network operators that encounter the most accidents Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Severity of accident e.g. Fatal, Major, Minor c Details of accident e.g. fender bender with another car, collided a lamp post d Location of the accident e Taxi registration number f s eNA Mandatory Number of accidents encountere
63. of breakdowns UDeTa O a REDO D 2 O b a CA aly DY ax ODEI ALO a e dX d Ve O 2 O 2 DUT DOSE Usage To track and monitor the number of driving hours clocked by each taxi operator, taxi network operator and taxi driver and flag out the drivers and the taxi operators taxi network operators they are registered with that do not fulfill the minimum driving hours Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Taxi registration number c Taxi driver d Operating driving hours clocked in that day e Flag indicator if the driving hours do not meet the minimum operating driving hours per day 2 1 2 1 2 1 2 1 Mandatory Usage To ravelled versus fares collected by each taxi operator and taxi network operator Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Total distance travelled daily, weekly, monthly, quarterly, yearly c Total collection daily, weekly, monthly, quarterly, yearly d Taxi operational efficiency daily, weekly, monthly, quarterly, yearly Mandatory a ry 1 cost versus distance travelled by each taxi operator and taxi network operator Fields includes the following but not limited to these a Taxi Operator Taxi Network Operator b Total maintenance cost daily, weekly, monthly, quarterly, annually c Total distance
64. on data in any readable format even if encrypted Mandatory 14.4.5 Keep Personally Identifiable Information (PII) protected from casual access at all times 14.4.7 Ensure all PII and SPAD confidential data are stored and hosted in Malaysia. Any exception must be approved by SPAD security team Mandatory Must have a solution in place to prevent sensitive data leakage either using known Data Loss Prevention (DLP) solution or other means that provide the same outcome Mandatory Use strong encryption to protect PII related to all SPAD services Mandatory Manage access to confidential data centrally and reduce the number of repositories that hold such data Mandatory Do not allow confidential data to be copied to removable media unencrypted by keys available to the service provider Mandatory Protect the keys used to encrypt SPAD confidential information against disclosure and misuse Mandatory Document and enforce all key management processes and procedures and avoid single points of failure in the key management scheme Mandatory Keep confidential data separate from the access and authentication keys used to access the data and ensure both are securely protected Mandatory Use strong cryptography and security protocols when providing access to PII over open public networks Mandatory Never allow the transmission of access control information (usernames & pass codes) over an unencrypted channel Mandatory Malware protection Mandatory SPAD
65. onnected to it and even viewing confidential information e.g. PII or information deemed sensitive to SPAD Mandatory 15.7.9 must enable the display of warning banners restricting access to authorized users only Mandatory 15.8 Desirable Best Practices 15.8.1 15.8.2 15.8.3 15.8.4 15.8.5 15.8.6 15.8.7 Should support configuration of role based access i.e. it should allow creation of user accounts with administrator privilege to manage administer user accounts rather than having to use a shared single administrator account. All important transaction processing Application activities including Viewing activities shall be logged or provide audit trails. User account management: Create user IDs on the system in compliance with the naming convention used in SPAD Corporate Directory even if the system is not yet authenticated to the AD LDAP source. Ensure Administrative users have both a privileged account and a basic user account and that the system requires the user to login to the user account before escalation to privileged access. Do not share administrative accounts. If unavoidable ensure sufficient controls e.g. logging is in place to link the activity on the system to a unique user Mandatory De activate the user accounts by resetting their passwords to a random string if they have not been used within a reasonable period. Then perform regular maintenance. Highly desirable to remove the deactivated accounts
66. ors b Time of day c Weekday vs weekends d Public holidays centre vs suburbs Billing rates must be configurable and not hard coded. Billing functionality must allow definition of multiple bill cycles in a month. Must support on demand billing, hot billing, real time billing, batch billing and pro forma billing features. The billing system must support the following features among other features: Deposits, Usages for pay per use transactions, Adjustments, Refunds Mandatory Mandatory Highly desirable Highly desirable Mandatory 3.2.1.6 The billing system must be able to generate bills 3.2.1.7 The system must have the ability to email invoices from within system Mandatory 3.2.1.8 The system must follow up the invoicing portion with additional features such as tracking payments, performing automatic billing and emailing overdue statements Mandatory 3.2.1.9 The system must have features to offer mobile phone and email support, PDF or exportable reports Mandatory 3 2 1 1 The system must provide instant access to Billing Reports by Invoice number or by taxi network operator taxi operators. These reports must be viewable for 1 month, 3 months, 1 year or any interval specified by the user Mandatory The system must support viewing of billing information for just 1 customer or all customers Mandatory Mandatory
67. ough removable faceplate Mandatory OBUs must be able to interface with taxi status LED display either in taxi or mounted on top of the taxi Mandatory 1 2 The OBU must have at least 32GB non volatile memory. The taxi driver can only accept jobs when he is logged in to the OBU. This login must be done using a device e.g. RFID device or smartcard with embedded microchip containing driver details that is unique for each driver and cannot be replicated for other drivers. The OBU must display the driver's card on the OBU screen and rear LCD screens as soon as the driver logs in Mandatory The OBU must remind drivers when the expiry date of the following are near: 1 month before expiry, 1 week before expiry and on the day of the expiry a Driver's Card b Driver's Licence The OBU should suspend the meter and display a message on the LED status panel that the taxi is suspended when there are Outstanding traffic offences summonses against the driver, Driver's licence has expired, Driver's card has expired Mandatory Mandatory The OBU must be able to detect and monitor the following possibly via sensors or probes: Harsh Braking, Harsh Acceleration, Dangerous Behaviour Recognition, Speeding Taxi meter integration Mandatory
68. process and cost structure for implementing larger projects After go live what restrictions do you expect there to be for technical resource to make changes Please describe the service levels you will adhere to for 1st, 2nd and 3rd line support in and outside of business hours (Malaysia time zone). Please note the 10 requirements in this area are listed in the NFR requirements spreadsheet Please detail your account management structure and where the Account Manager will be based Implementation Please provide a Use 23rd December 2013 as your project start date. SPAD understands this is indicative only, as is the start date 11 Please describe the project team structure required for the implementation of the Taxi Control Centre and Centralised Taxi Booking & Dispatch platform Please describe the resource requirement you need from SPAD to complete the project 14 Please describe the location of the implementation and project team throughout the project 5 Please indicate who will be responsible for implementing your solution i.e. the software provider or a sub contractor 16 Please describe and provide documentation of your implementation approach. Include which activities take place in which stage of your implementation plan. What are typical timescales for an implementation of this kind If the typical implementation
69. ptance Test the tenderer must be able to develop upfront a comprehensive user acceptance test plans and test cases and acceptance criteria for approval On Testing Procedure specifically on User Acceptance Test able to perform the test embedded with the authorization test Hence upfront implement a matrix of Mandatory Mandatory On Testing Procedure specifically on User Acceptance Test able to coordinate the entire testing including to recommend and assist in the identification of the right role candidate within SPAD to effectively perform the test and provide support for all Authorized Users participating in the testing On Testing Procedure specifically on User Acceptance Test able to provide support and guidance to all the Authorized Users participating in the testing Mandatory On Testing Procedure specifically on User Acceptance Test able to manage and effectively and truthfully record and report user acceptance testing results Mandatory On Testing Procedure specifically on User Acceptance Test able to rectify all the Problems log without impacting the timeline conduct review of the new rectification enhancements needed to rectify the problem prior to make major change to the solution and to proceed with agreement by SPAD Mandatory Mandatory On Testing Procedure specifically on User Acceptance Test able to produce documentation complying to SPAD standard to obtain management approval with supporting document of te
70. related infrastructure should be protected from malware at all times Mandatory Ensure all systems related to the SPAD Service delivery are protected by Malware prevention systems and are kept updated and active at all times Mandatory Patch Management and Application Security Mandatory iaeia become vulnerable as software becomes obsolete or new exploits are discovered. Proper patch management and vulnerability assessment mitigates this risk Mandatory 14.6.2 Ensure all system components have the latest vendor supplied patches Mandatory 14.6.4 Testing security patches prior to release Mandatory 14.6.5 Validation of input to prevent or safely recover from malicious content Mandatory 14.6.6 Implementing secure communications Mandatory 14.6.7 Separate development, test and live systems Mandatory 14.6.8 Not using live PII in tests Mandatory 14.6.9 Ensuring no test or preproduction data and scripts exist in live systems environment Mandatory 14.6.10 Proper and documented code review process to remove vulnerabilities prior to release to the live environment Mandatory 14.6.11 Documented change review process and enforce in the overall process Mandatory For all web development initiatives it should be based on secure coding guidelines like OWASP to prevent common coding vulnerabilities Mandatory For public facing web application ensure on going application vulnerabilit
72. s and system hijack e.g. DDOS. This refers to intrusion prevention solution that should be provided by the tenderer. This feature could be in the firewall itself or standalone IPS equipment. Advanced protection for web server will require Web Application Firewall ex Fortiweb Web Ann atinan OALA Development languages a Mobile development Android and iOS. However other development language with strong industry support can also be considered b Integration development Java, .Net. However other development language with strong industry support can also be considered c Web development Java, .Net, script based e.g. PHP. However other development language with strong industry support can also be considered Integration technology approaches Must be based on open industry standards and protocol Network equipment Tenderer to propose all relevant network equipment such as switches, routers, firewall, load balancers, IPS etc. You can refer to network architecture setup in Appendix 6 as a reference but might need to enhance where possible Mandatory Server Server rack mounted KVM switch, keyboard, monitors for both primary site and DR site Mandatory Mandatory At present SPAD servers are located in Menara Usahawan Putrajaya and the Disaster Recovery Centre (DRC) is at Platinum Sentral. In the fut
73. sociated connected to the originating taxi network operator taxi operator c Meanwhile in each of the taxis the job details are displayed on the on board units also in scope within this CTSS RFP and the taxi drivers are alerted via audio alerts Mandatory d Once a taxi driver accepts the job the details of the driver are transmitted by the on board unit OBU to the Taxi Order Forwarding Engine The details are i Taxi registration number ii Estimated time of arrival ETA iii Estimated fare iv Driver s name e The Taxi Order Forwarding Engine records this as a transaction that is fulfilled by a taxi connected to Taxi Network B assuming that the taxi that accepted the job is connected to Taxi Network B and are viewable via the application portal by the operator Meanwhile the Taxi Order Forwarding Engine sends a notification SMS to the passenger via SMS gateway also in scope within this CTSS RFP within 10 seconds The notification SMS contains at minumum the following details i Taxi registration number ii Estimated time of arrival ETA 3 1 4 4 Abie to support multi operator environment where each operator can only access to their own tad feet OO O O O O f Marder Tas lable to route jobs of a taxi operator to all taxis based on pre defined business rules e g within a particular radius from the pickup point Mandatory sess ling amp Collections e A a 3 2 Bt Mandatory e Ek a Taxi network operat
74. st script signed by the UAT participants. On Testing Procedure: depending on the changes during the testing phase, able to provide the updated documentation to reflect the final product (Mandatory). On Testing Procedure: able to provide system test (ST) test plans, cases and results prior to UAT (Mandatory). On Testing Procedure: able to provide post production support to monitor closely the defects and provide solution to resolve the defects, Problem Note or inquiry, Problem Cases, in a timely manner (Mandatory). Supplier must plan and execute security testing according to well established industry standards such as: a) OWASP Top 10; b) WASC Threat Classification. The tenderer must indicate in the proposal which standard that the solution complies with (Mandatory). Note: Any weakness uncovered by Malaysian Software Testing Board (MSTB) or any other party appointed by SPAD will need to be rectified by the tenderer in a timely manner, where the timeline and rectification plan must be agreed upon with SPAD (Mandatory). Supplier must use appropriate test management tools for testing, e.g. the following or equivalent: a) Rational Quality Manager (IBM); b) Rational Team Concert (IBM); c) Quality Centre (HP); d) Testzilla (open source); e) Bugzilla (open source) (Mandatory). 9.20 The Appointed Vendor must investigate, identify, rectify, improve and overcome all the findings and reco
75. stems software that is required OS web server app server DBMS etc to support the Taxi Control Centre Centralised Taxi Booking amp Dispatch Network and In Taxi Vehicle Equipment solution 2 Please describe the ideal hosting configuration of the solution include a high level network diagram in order to meet a 99 5 uptime Please illustrate how you create amend and delete application server instances fF Ulu d V o v Application PD9 ID ID ID a Structure grouping of functionality levels of configuration available b Standards and frameworks employed c Caching d Provision of APIs for other devices or services to access platform functionality e g iPhone application e Ability to integrate to datasources data abstraction and data management Security single sign on support active directory Certification management Please outline how the data model of the solution can be altered and detail areas that can be extended and can t be extended Please indicate the out of the box integration points for the following data objects a Taxi location and GPS coordinates b Estimated distance c Estimated fare d Driver name age language and other relevant information e Passenger name and other relevant information f Expected arrival time g Job details e g customer contact pickup dropoff locations h Ignition Status i Login status j Taxi Registration No and other details s
76. tal Inputs Mandatory BU supports interface to panic button for drivers When the driver or passenger presses on the panic button passenger s panic button is a virtual button on the rear LCD screens the OBU will send alert to the Taxi Command amp Control Centre along with the following information but not limited to 2 ja Driver information b Vehicle information amp location Mandatory Able to support 2 way voice communication full duplex Highly desirable 2 The setup of OBU including its physical hardware and cabling to be secure against vandalism unintended case open theft and illegal modification This also means that the OBU cannot be switched off as long as the engine is turned on and it turns on automatically once the engine is switched on The OBUs must be able to receive content and pump data to the rear panel rear panels are also in scope for this RFP This should be done in both wired manner or 2 wirelessly e g WiFi via protocols with wide industry support e g via DLNA In addition the OBUs must support 2 way digital wireless data communications based on GSM technology to enable SPAD control centre to send announcements to OBUs Note GSM technology must be EDGE i e 2 5G and above Mandatory Mandatory The OBUs must have the feature to be able to play content automatically only in the rear screens Mandatory The OBUs must have anti theft features built in to make it theft proof e g thr
77. timeline is different to that being proposed please explain the differences What is the shortest and longest implementation of your solution Please describe some of the key lessons you have learnt from your previous implementation experiences Are you aware of any unsuccessful attempts to implement your solution If so please detail What risks do you envisage for this project and how would you mitigate these risks Product Details Please itemise the software packages versions and modules that you are proposing for the Taxi Control Centre Centralised Booking amp Dispatch and In Taxi Vehicle Equipment solution D2 D3 D4 Please advise how many clients are currently live on the proposed version of the software Please include a list of clients current on this version and an indication of PD6 their booking transaction volumes PD7 Please advise how many new implementations of your solution have been completed and now live in 2012 Please provide as an attachment s any documentation marketing or otherwise that you believe describes the Vision Capabilities Market Positioning and solution fit D8 as in relation to this Invitation to Tender D10 D11 Technical Please describe your experience of integrating with Oracle Fusion Middleware Oracle Service Bus IBM WebSphere Enterprise Service Bus or other similar platforms as a middleware layer Please also clearly indicate the middleware layer Hosting and Structure Please describe the sy
78. tlement Statements Mandatory PP 3 2 3 1 Provide weekly settlement statements Mandatory PO 3 2 3 2 Statements broken down by taxi network operators Mandatory PO __3 2 3 3 The application must have clearing house features to facilitate settlement claims by other taxi network operators Mandatory OP 3 3 Middleware Mandatory e To supply install configure and maintain application servers storage and network equipment for Middleware Mandatory Ea any time you can send statements with a gentle reminder to customers having debts of less than 30 days overdue while at the same time send a firm message to Supplier Comments Build interface with Driver Information System DIS including daily synchronisation of driver profiles from DIS to CTSS Mandatory Set up Service Oriented Architecture SOA to integrate CTSS with taxi network operators Mandatory Set up and publish service registry to all taxi network operators and other 3rd parties that need to interface with CTSS Mandatory Deliver an Enterprise Service Bus ESB that performs but not limited to the following a Monitor and control routing of message exchange between CTSS taxi network operators individual taxis and other 3rd parties identified by SPAD b Control deployment and versioning of services c Event handling d Data transformation and mapping e Message and event queuing and sequencing f Security or exception handling g Protocol conversion h Enforcin
79. tory 13 2__ Pevelop modify__enhance and integrate with current taxi Operator s ster a Eero oso SS OO Sa 3 Peston bree Support Satan Manila Piste Opera chrome mernet Explorer 7 onwards he mdusthy standard browsers df andateny fd 13 4 Colour depth Should support colour depth of minimum 24 bit onwards Mandatory PO can Sere both a Operation without JavaScript cookies Flash Mandatory b Operation with JavaScript cookies and Flash is required Connection speed Supporting speeds from 56kbps Support must cater for customers on fixed dial up ADSL high speed broadband wireless broadband etc Mandatory Desktop operating system Windows XP Mac OS 9 Linux onwards Mandatory 14 Vendor Security Border Control to protect information related to SPAD Ensures that the controls measures surrounding the systems are adequate and managed effectively Managed border control devices Firewalls Routers Intrusion Prevention Systems etc which are designed to protect the SPAD related infrastructure and data from 12 6 Highly desirable Mandatory Mandatory unauthorized access and abuse are employed effectively to cover all the relevant systems Mancato 14 1 3_ Access to these border control devices should be limited to those with a need and logged to provide traceability of work done Mandatory Teese ae O O 14 1 4_ The network traffic and access control rules applied to such devic
80. uch as make model color oN gt uw Please outline the nature of any import export framework tools included in the solution Please outline any staging production features within that platform and the process for promoting content and data from staging to production Please include details of rollback processes if any Please describe the upgrade process for the solution including tools available and high level steps required il NIS page 25 of 35 Statement of Compliance Development Mandays Supplier Comments Requirement Statement of Priority Compliance Development Mandays Supplier Comments Technical Requirement How long does a typical major version upgrade take What additional functionality is in the platform that isn t included in the functional requirements spreadsheet Please describe how the business tools can be extended to meet new functional requirements What level of configuration can be carried out within the business tools without requiring development e g changing workflow altering form fields creating new data objects Would you recommend customising the business tools to meet the requirements O S o What is the process for training a developer on the required solution and how long would this typically take S So Are the customer services tool s configurable customisable If sohow o So What are the key technical differentiators of the platform _ o S S
81. ure SPAD might shift to MAMPU datacentre might be in Putrajaya or Cyberjaya The proposed solution must take this factor into consideration Mandatory here should also be a data link connecting the primary site to the DR site om the prima o the call centre and from the DR site to the call centre High speed high availability secure IP connectivity from all Taxi Network Operators and taxis to 1GovNet a stable dedicated line for example 10 Mbps or better Tenderer needs to propose a fail safe dedicated optimized bandwidth for CTSS For mobile phones related services the telco coverage must be nationwide Mandatory Please refer to the network diagram in Appendix 6 which illustrates how the taxi network operators and taxis will be connected to CTSS infrastructure which will be housed within 1GovNet i Supplier must set up the test environment similarly to the production environment a Hardware the tenderer must be able to specify the performance differential between the test environment and production environment and set it up accordingly e g production 100 test environment is 25 of production environment b Software software and configuration must be identical as the one in production environment e supplier must supply separate environment instances as follows a development system testing environment b UAT environment Mandatory c production environment d disaster recovery DR Mandatory Requirement in P
82. usat Data Sektor Awam PDSA of MAMPU 7 13 1 To supply install configure and maintain all CTSS related hardware and accessories in PDSA Rack are provided and the model is AR3100 APC by Schneider If the proposed hardware unable to be mounted in provided rack tenderer should provide related 7 13 2 accessories end to end Information 7 13 3 The connection to data center s core switch are using 10g or 1g connectivity The tenderer must provide appropriate cable based on proposed solution Mandatory 7 13 4 The distance between server rack to core switch is up to 20 metres Information 7 13 5 The rack PDU are provided and use C13 or C19 connector only The Tenderer must provide C13 or C19 connector for all hardware to be installed in server s rack Mandatory 7 13 6 Patch panel is provided in server rack Information 7 13 7 Power supply to the rack are 16amp or 32amp Information 7 13 8 Tray cable is on top of the rack Information 8 Implementation Services Project Management Office Supplier must set up and operate a project managament office to manage overall project from start to end The project manager must be PMP Prince2 certified or Mandatory equivalent Security Requirements Ensure hardware set up meet with SPAD and MAMPU s IT security requirements with all related system hardening including but not limited to OS and DB on all new Mandatory To supply install configure and maintain application server storage and
83. y 15 Application security. 15.1 Input Validation (Mandatory). 15.1.1 Ensure input received from the user is valid for the purpose and type requested, and remove the possibility of using the input to perform unexpected actions (Mandatory). 15.1.2 All data are validated for parameters like type, length, format and range (Mandatory). 15.1.3 The application must validate the input received from user at server side (Mandatory). 15.2 Development Environment (Mandatory). 15.2.1 All production data used for testing of application must be sanitised (Mandatory). 15.2.2 The software developed must use Version Controlling Application (Mandatory). 15.3 Authentication (Mandatory). 15.3.1 The application user authentication credentials are not stored in plaintext (Mandatory). 15.3.2 The authentication input and credentials are transmitted over secured channels, e.g. SSL (Mandatory). 15.3.3 Authentication failure message must be checked to ensure no sensitive information is revealed which could be used to guess the credentials (Mandatory). 15.3.4 Password history is enforced so the last 4 passwords may not be reused (Mandatory). 15.3.5 The application should support change of password (Mandatory). 15.3.6 The application can support password creation of 8 to 255 characters in length. 15.3.7 The application must enforce complex password, i.e. containing lower an
84. y assessment (VA) and the use of web application firewall. 14.7 Restrict access to … and access to Personally Identifiable Information can result in leakage of confidentiality which affects SPAD and its reputation. Limiting access to this information is the one step in mitigating this risk (Mandatory). Practice principle of least privilege: provide privileged access to as few features as necessary to perform their job function (Mandatory). Provide privileged access to as few people as necessary to perform their job duties for Service Delivery (Mandatory). Collect, monitor and periodically audit use of privileged access (Mandatory). Access to sensitive and PII information should be denied to all and selectively allowed based on right to know (Mandatory). User IDs and traceability of user access (Mandatory). User's access to systems and applications that deal with PII should be kept to a minimum. However, where access is allowed it must be traceable back to an individual to account for the access (Mandatory). 14.8.2 Users shall be given unique IDs, and sharing of IDs or group IDs should be strictly prohibited (Mandatory). 14.8.4 Render all tokens unreadable between the end points of the system and client devices during the authentication process by using strong cryptography (Mandatory). 14.8.5 Have proper ID management process to ensure access is granted to valid individuals and pass codes
85. ys Supplier Comments Mandatory Mandatory 3 Centralised Booking amp Dispatch Taxi Order Forwarding Engine Mandatory To supply install configure and maintain application servers storage and network equipment for Centralized Booking and Dispatch System Mandatory a eee eee a taxi ea via honei pa b As per the current process the booking is accepted via the call booking operator c If the call booking operator is able to dispatch a taxi within the same network to the passenger the process completes as per status quo outlined in section 3 1 3 Else the call booking operator invokes the SPAD order forwarding application portal also in scope within this CTSS RFP to sell the job to other taxi networks via Passenger books a taxi via booking app smartphone or tablet a Passenger places a taxi booking via smartphone or tablet app b As per the current process the booking is accepted via the taxi network operator Mandatory c If the taxi network operator is able to dispatch a taxi within the same network to the passenger the process completes as per status quo outlined in section 3 1 3 Else the taxi network operator invokes SPAD s web APIs also in scope within this CTSS RFP to sell the job to other taxi networks via CTSS outlined in section 3 1 4 Passenger books a taxi via web booking portal a Passenger places a taxi booking via web booking portal b As per the current process the booki
